daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2020-26413.yaml

patch-1
Prince Chaddha 2021-11-06 20:18:27 +05:30 committed by GitHub
parent 5aeb4de8c8
commit 0e27f24138
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cves/2020/CVE-2020-26413.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2020-26413 id: CVE-2020-26413
info: info:
name: GitLab information leak (CVE-2020-26413) name: Gitlab User enumeration via Graphql API CVE-2020-26413
author: _0xf4n9x_ author: _0xf4n9x_,pikpikcu
severity: medium severity: medium
description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
reference: reference:
- https://gitlab.com/gitlab-org/gitlab/-/issues/244275 - https://gitlab.com/gitlab-org/gitlab/-/issues/244275
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json - https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json
- https://nvd.nist.gov/vuln/detail/CVE-2020-26413 - https://nvd.nist.gov/vuln/detail/CVE-2020-26413
tags: exposure,cve,cve2020,gitlab tags: exposure,cve,cve2020,gitlab,enumeration
requests: requests:
- raw: - raw:
@ -31,10 +31,20 @@ requests:
part: body part: body
words: words:
- "username" - "username"
- "email"
- "avatarUrl" - "avatarUrl"
condition: and condition: and
- type: status - type: status
status: status:
- 200 - 200
- type: regex
part: body
regex:
- 'email":"([a-z@.]+)"'
extractors:
- type: regex
part: body
regex:
- '"email":"([a-z@.]+)"'